CISO Alliances Session Information

Date: Friday, 21st April 2023

Time: 09:00 – 16:45

Venue:  Nairobi (Disclosed to participants only)

Location:  Nairobi, Kenya

The Alliances chapter is a gathering of business risk, information and cyber security leaders who have been highlighted as being able to offer value in terms of content and influence. It is designed to form alliances and to drive progressive change in the business world and beyond.

The content and format are designed so that participants talk together, learn better and experience more.

Format: Invite-only. Security leaders debate pertinent, real-life issues in open forums, workshops and panels.

Chatham House Rule will be applied

Outcomes:

  1. Depth achieved around business objectives where the opportunity of experience within the attendees is leveraged
  2. Benchmarking and verification of thought processes outside of existing networks i.e. the broader CISO Alliances community
  3. Industry progression and unity in impacting the challenges of the common business objectives
  4. Not corporate flag waving or sales pitches. We insist, do that elsewhere.

Chapter Order of the Day

0900
Registration and Networking

Registration

0930
Session 1
Workshop

Session Moderator: Michael Michie

Session: Group Workshop

Session Theme Title: “Open AI – Our friend or Foe?”

Session Overview and Synopsis:

Unfortunately, AI can be used by criminals for a variety of illegal activities. As with any technology, AI has both positive and negative applications, depending on how it is used.

We will kick start the day with a group workshop where we divide into sub-groups and debate:

  1. Cyberattacks: Criminals can use AI to develop sophisticated malware that can bypass security measures and infiltrate computer systems.
  2. Fraud: AI can be used to create realistic fake identities, which can be used to commit identity theft and financial fraud.
  3. Social engineering: Criminals can use AI-powered chatbots to engage with potential victims and trick them into revealing sensitive information or performing actions that benefit the criminal.
  4. Deepfakes: Criminals can use AI to create convincing deepfake videos and images that can be used to blackmail or extort individuals.

Session Outcome: 

  • A collective response of perspectives

1030

Networking Break

1100

Session 2
Open Forum

Session Leaders:

  • Trevor Coetzee, Regional Director Sub-Saharan Africa – Palo Alto Networks
  • Nikunj Haria, Pre-Sales Manager – Westcon-Comstor

Session Theme Title: Strengthening Cybersecurity with Defense in Depth Approach

Session Overview and Synopsis: Zero Trust Principles – Best Practices & Real-World Applications

Zero trust and layered security are two different concepts but are often used together to improve the overall security posture of an organization.

Zero trust is a security concept that assumes that all users, devices, and applications, both inside and outside of an organization’s network, are untrusted until they are verified and authenticated. This means that zero trust security operates on the principle of “never trust, always verify.” In practice, this means that access to resources is restricted to only those users and devices that have been verified and authorized to access them.

Layered security, on the other hand, is a strategy that involves implementing multiple layers of security controls to protect an organization’s assets. This approach recognizes that no single security measure can provide complete protection against all types of threats. Instead, multiple layers of security are implemented, with each layer designed to detect and prevent different types of threats. This approach also ensures that if one layer of security is breached, there are other layers in place to provide additional protection.

Session Outcome:

  • How combining zero trust and layered security can create a comprehensive security strategy that provides multiple layers of protection while also ensuring that only verified and authorized users and devices are allowed to access sensitive resources.
  • How this approach can help organizations reduce their overall risk and improve their ability to detect and respond to security incidents.

1215

Networking Lunch

1345

Group Roundtable

Session Theme Title: Ransomware – What is the real impact???

Session Overview and Synopsis:

The impact of ransomware can be significant and far-reaching, both for individuals and organizations.

These include:

  • Financial impact:
  • Operational impact:
  • Security impact:
  • Psychological impact:

During the group discussion we will address the above impacts and explore the proactive measures needed to prevent such attacks.

We will conclude with a ‘Quiz’ to include prizes for the team with the best score.

1445

Networking Break

1500

Session 4

End User Perspective

Session Moderator: Cephas Okal, ICT Manager – Sumac Microfinance Bank Ltd

Panellists:

– Samuel Kahura Wachira, CISO – CIC Insurance

– Kevin Kiereini, Regional Head of IT – East Africa – Jumia

– Geoffrey Munga, Senior Manager Cyber security – Safaricom

Session Theme Title: “MTD – Leveraging Uncertainty for Cyber Defense”

Session Overview and Synopsis: 

Moving Target Defense (MTD) is the concept of controlling change across multiple system dimensions in order to increase uncertainty and apparent complexity for attackers, reduce their window of opportunity and increase the costs of their probing and attack efforts. MTD has emerged as one of the game-changing themes for altering the asymmetric situation between attacks and defenses in cyber security. It is distinguished from traditional reactive defense by the fact that it can move one or more system attributes continually. MTD can be implemented in one or more of the three layers (software, running platform, and physical network).

Touch Points: 

• How MTD reduces the need for threat detection
• How MTD enables us to create, analyze, evaluate, and deploy mechanisms and strategies that are diverse and that continually shift and change over time to increase complexity and cost for attackers
• How MTD can limit the exposure of vulnerabilities and opportunities for attack
• How MTD can increase system resiliency

1600

Interactive Discussion

Post Panel Discussion

1645

Post Alliances Networking

Thank you